fss scan
Seven check groups built from real 2025–2026 npm incidents:
malicious lifecycle scripts, known payload file names, obfuscated-eval
signatures, committed credentials, poisoned registries and lockfiles,
rogue binaries, and host persistence artefacts.
exit 0 clean · 1 warnings · 2 critical
fss clean
Finds every node_modules directory, shows sizes and the
total you'll reclaim, and deletes only after confirmation. Never
follows symlinks, never touches anything not literally named
node_modules. --dry-run to preview.
safe by construction
fss outdated
Compares installed versions against the npm registry and highlights
major-version drift. Works with curl or wget, degrades gracefully
offline, and exits non-zero when dependencies lag — ready for CI
gates.
exit 0 current · 1 outdated